Improper Access Control Vulnerability in TOZED ZLT M30s UART Interface
CVE-2025-15083

1LOW

Key Information:

Vendor

Tozed

Status
Zlt M30s
Vendor
CVE Published:
25 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-15083?

A vulnerability exists in the TOZED ZLT M30s devices, specifically in the UART interface's on-chip debug and test functionalities. This flaw allows for unauthorized access, potentially exposing critical device operations to malicious actors. The complexity of such attacks implies that while they may be difficult to execute, the ramifications can be severe if successful. Despite proactive disclosure to the vendor, no response was received, raising concerns about the urgency of addressing this security issue in the affected devices.

Affected Version(s)

ZLT M30s 1.0

ZLT M30s 1.1

ZLT M30s 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15083 - Proof of Concept

References

https://vuldb.com/?id.338411
vdb-entry
https://vuldb.com/?ctiid.338411
signaturepermissions-required
https://vuldb.com/?submit.707974
third-party-advisory

CVSS V4

Score:
1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

S33K3R (VulDB User)
JSON
.
CVE-2025-15083 : Improper Access Control Vulnerability in TOZED ZLT M30s UART Interface